The Year of the Hack: What to Do About the Heartbleed Bug

If you laughed at those who got sucked into the Target hacking debacle because you personally only shop online, then the last laugh may be on you. Thanks to the terrifying-sounding "Heartbleed" vulnerability discovered this week, 2014 is shaping up to be the Year of the Hack. So what is Heartbleed, and what should you be doing about it?

Eric Limer at Gizmodo offers a thorough explanation of what Heartbleed is and how it works. Basically, it's a loophole that existed for years undetected in one of the Internet's most popular online security protocols. And because the protocol is open source, anyone and everyone could see it.

But you probably don't care about the why or how; you care about what it means for you. Unfortunately, there's not much you can do. Whitson Gordon at Lifehacker suggests the few steps users should take:

If possible, try to avoid connecting to vulnerable sites and services until they notify you of a fix. Changing your password won't help until the site has fixed the bug, so wait for confirmation from your favorite sites before you go changing passwords. If and when you do get confirmation, audit and update your passwords as usual. If a site is not vulnerable but doesn't issue a statement, change your passwords just in case they were vulnerable in the past.

Originally from the Hudson Valley, Ben now lives in Brooklyn. He has an English degree from Harvard, and loves movies, theater, and cooking. You can follow him on Twitter at @BenDealNews and @BKGlaser.


I'm delighted to see you are mentioning LastPass.
I can't believe how hard it is to convince people that they should be using LastPass. It's secure, it does everything for you, and the list of proper security and convenience features is huge. I kinda feel like it's trying to convince someone to eat a Cinnabon for the first time - they don't think it's a big deal until they try it -- but once they try it they never want to go back.

Many sites (including google, discovercard, and bankofamerica), even though they have patched SSL, have not updated certificates since the publication of details on this bug and may still be compromised.